CVE-2018-1265 — Unrestricted File Upload in Foundry Diego
Severity
7.2 HIGH (NVD)
EPSS
0.6%
top 29.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jun 6
Latest update: May 13
Description
Cloud Foundry Diego, release versions prior to 2.8.0, does not properly sanitize file paths in tar and zip file headers. A remote attacker with CF admin privileges can upload a malicious buildpack that will allow a complete takeover of a Diego Cell VM and access to all apps running on that Diego Cell.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 | Impact: 5.9
Affected Packages: 3 packages
Vulnerability Details: 2
Community: 1
Bugzilla: CVE-2018-11738 sleuthkit: Out-of-bounds memory read in tsk/fs/ntfs.c:ntfs_make_data_run() function allows denial of service (2018-06-08)